From: Alexey Klimov <alexey.klimov@arm.com>
To: rjw@rjwysocki.net, linux-acpi@vger.kernel.org
Cc: ashwin.chaugule@linaro.org, jaswinder.singh@linaro.org,
jassisinghbrar@gmail.com, sudeep.holla@arm.com,
linux-kernel@vger.kernel.org,
Alexey Klimov <alexey.klimov@arm.com>
Subject: Re: [PATCH] mailbox: pcc: fix channel calculation in get_pcc_channel()
Date: Mon, 1 Feb 2016 15:19:05 +0000 [thread overview]
Message-ID: <1454339945-30565-1-git-send-email-alexey.klimov@arm.com> (raw)
In-Reply-To: <CAJ5Y-eYdPM+hSZdH_Sz10K6iHb0cCB1E4Wh_A_sJn_yyLgLjZQ@mail.gmail.com>
(adding Rafael and linux-acpi)
On Fri, Jan 15, 2016 at 6:22 PM, Ashwin Chaugule <ashwin.chaugule@linaro.org> wrote:
> + Jassi (Linaro addr)
>
> On 15 January 2016 at 13:20, Ashwin Chaugule <ashwin.chaugule@linaro.org> wrote:
>> Jassi,
>>
>> On 10 December 2015 at 13:19, Ashwin Chaugule
>> <ashwin.chaugule@linaro.org> wrote:
>>> On 10 December 2015 at 12:28, Alexey Klimov <alexey.klimov@arm.com> wrote:
>>>> This patch fixes the calculation of pcc_chan for non-zero id.
>>>> After the compiler ignores the (unsigned long) cast the
>>>> pcc_mbox_channels pointer is type-cast and then the type-cast
>>>> offset is added which results in address outside of the range
>>>> leading to the kernel crashing.
>>>>
>>>> We might add braces and make it:
>>>>
>>>> pcc_chan = (struct mbox_chan *)
>>>> ((unsigned long) pcc_mbox_channels +
>>>> (id * sizeof(*pcc_chan)));
>>>>
>>>> but let's go with array approach here and use id as index.
>>>>
>>>> Tested on Juno board.
>>>>
>>>> Acked-by: Sudeep Holla <sudeep.holla@arm.com>
>>>> Signed-off-by: Alexey Klimov <alexey.klimov@arm.com>
>>>> ---
>>>> drivers/mailbox/pcc.c | 8 +-------
>>>> 1 file changed, 1 insertion(+), 7 deletions(-)
>>>>
>>>> diff --git a/drivers/mailbox/pcc.c b/drivers/mailbox/pcc.c
>>>> index 45d85ae..8f779a1 100644
>>>> --- a/drivers/mailbox/pcc.c
>>>> +++ b/drivers/mailbox/pcc.c
>>>> @@ -81,16 +81,10 @@ static struct mbox_controller pcc_mbox_ctrl = {};
>>>> */
>>>> static struct mbox_chan *get_pcc_channel(int id)
>>>> {
>>>> - struct mbox_chan *pcc_chan;
>>>> -
>>>> if (id < 0 || id > pcc_mbox_ctrl.num_chans)
>>>> return ERR_PTR(-ENOENT);
>>>>
>>>> - pcc_chan = (struct mbox_chan *)
>>>> - (unsigned long) pcc_mbox_channels +
>>>> - (id * sizeof(*pcc_chan));
>>>> -
>>>> - return pcc_chan;
>>>> + return &pcc_mbox_channels[id];
>>>> }
>>>>
>>>
>>>
>>> Strange that we didn't catch this even with a non-zero id. But the
>>> change makes sense so..
>>>
>>> Acked-by: Ashwin Chaugule <ashwin.chaugule@linaro.org>
>>
>> Can you please include this patch in your pull request to Linus?
Hi Rafael,
any chance you can take this fix via your tree?
I can resend patch if you want.
Looks like Jassi doesn't have time or doesn't care.
Best regards,
Alexey
next parent reply other threads:[~2016-02-01 15:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAJ5Y-eYdPM+hSZdH_Sz10K6iHb0cCB1E4Wh_A_sJn_yyLgLjZQ@mail.gmail.com>
2016-02-01 15:19 ` Alexey Klimov [this message]
2016-02-01 15:43 ` [PATCH] mailbox: pcc: fix channel calculation in get_pcc_channel() Jassi Brar
2016-02-01 20:51 ` Rafael J. Wysocki
2016-02-02 11:12 ` Jassi Brar
2016-02-03 1:22 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1454339945-30565-1-git-send-email-alexey.klimov@arm.com \
--to=alexey.klimov@arm.com \
--cc=ashwin.chaugule@linaro.org \
--cc=jassisinghbrar@gmail.com \
--cc=jaswinder.singh@linaro.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rjw@rjwysocki.net \
--cc=sudeep.holla@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).